The NSA guidance explains, “The Zero-Trust security model assumes that a breach is inevitable or has likely already occurred, so it constantly limits access to only what is needed and looks for anomalous or malicious activity.” Governments have been using this “need to know” paradigm since time immemorial when dealing with state secrets; though, given the number of insider threat cases being prosecuted that involve government insiders, one is right to question the efficacy/implementation of a “need to know.”
